Wearable Authentication: Your Next Passcode Might Be Worn On Body

In The Future of Wearable Tech, iQ by Intel and PSFK Labs explore the evolving form and function of our Internet-connected devices. This series, based on a recent report, looks at the rise of wearable technologies and their impact on consumer lifestyles.

The year 2013 was perhaps one of the worst years yet for breaches in supposedly “secure” storehouses of consumer data. In November alone, nearly 2 million usernames and passwords were stolen from more than 93,000 websites including Facebook, Google, Yahoo, LinkedIn and Twitter. With so many sites using single sign-on procedures, hackers who make off with any of your logins could potentially leapfrog from site to site, picking up data as they go.

A study by data management and protection outfit EMC reported that the average security breach costs organizations more than $860,000, and a report from Javelin Strategy & Research estimated that hackers can send upward of $5,000 up in smoke each time they take over an individual’s bank account or credit card, with $800 of that coming out of the victim’s own pockets … along with hours of hassle spent on phone calls and letter-writing.

The endless reworking, remembering and re-entry of our logins is adding layers of bother to our lives (password fatigue, anyone?) without raising much core confidence in the security of our data. Besides increasing the length of passwords or adding numbers and symbols, the current systems of identity verification have remained fundamentally unchanged for decades, despite the fact that the digitally fragmented nature of our daily lives places a lot of vital information at risk.

Here we look at examples of wearable tech that seek to subvert the dominant paradigm of authentication and usher in an era of seamless, uniquely personal access to all our important accounts, information and devices. This trend, often called “Authenticated Self,” builds on the growing dynamic in wearable tech for devices to incorporate the user’s body into the computational process.

In May, a unit of what was then part of Google’s Motorola Mobility announced two new alternatives to the conventional password that they are looking to incorporate into login procedures for online accounts and mobile devices. A method they’re calling “vitamin authentication” builds on the Proteus Digital Pill which has been used since 2010 to log health data from inside an individual’s gut. The FDA-approved pill incorporates a sensor smaller than a grain of sand. Upon ingestion, it powers up on your stomach acids and generates an 18-bit signal that is detectable by your mobile device or other authentication-enabled hardware.

“Authentication is irritating. In fact it’s so irritating only about half the people do it …despite the fact there is a lot of information about you on your smartphone, which makes you far more prone to identity theft,” said Regina Dugan, who at the time was senior vice president of Advance Research at Motorola Mobility. Dugan, you might remember, was the head of DARPA from 2009-2012.

By placing the means of identity verification within users’ bodies via this once-a-day pill, Motorola hopes to remove the hassle from logging in while securing the process of authentication beyond the reach of hackers and would-be identity thieves.

For those who might not be ready to “swallow” the digital pill approach, Bionym, Inc. has designed the Nymi bracelet. This plastic wristband reads the unique signature of your heartbeat and, upon confirming your identity, emits a Bluetooth signal to unlock your cell phone or tablet, log in to a bank account or even pay for purchases at the cash register. An onboard accelerometer and gyroscope enable you to use simple gestures to direct the device for certain kinds of access like opening a car trunk.

The key to all this is a user’s electrocardiogram, which cannot easily be forged or stolen and remains uniquely identifiable even as their heart rate fluctuates. And since authentication radiates outward from the moment Nymi has verified your ECG, the process of logging in is reduced to the simple act of reaching out for your phone or computer.

InTouch technology, developed by Finnish researchers at VTT Technical Research Centre, builds file-sharing and data-transfer capability into rings, wristbands or “smart fingernails” which could double as authentication devices for your tablet, phone or computer.

Powered like an RFID chip, the InTouch device allows you to momentarily capture and store websites or small images simply by touching your screen and then transfer that data elsewhere by touching the screen of the receiving device. Larger files like videos would actually be uploaded to the cloud and then downloaded to the destination all via InTouch. The signal emitted by the device could also open car doors, access password-protected accounts or even identify the user to secure industrial equipment.

Jani Mäntyjärvi, Principal Scientist for the project, said that the main implication of this technology is that “interaction between a user and everyday objects becomes more ‘natural’ and intuitive – no configuration, no multiple accounts to access different devices to carry out certain data transfer tasks, etc.”

He cites password fatigue and increasing acceptance of “bad privacy” deals as the essential preparation for mass acceptance of automated security technologies like that of InTouch.

These devices stand alongside recently released NFC-enabled rings, code-emitting necklaces and even implantable RFID tags, indicating that wearable tech is poised to push aside traditional systems of authentication in favor of body-borne technology that embeds the login process into physical proximity. These and other devices will increasingly capitalize on users’ own unique biometric signatures to stand in for cumbersome and hack-prone passwords and PINs. With so much of our lives spread across multiple devices and domains, the time is nigh for a seamless and truly secure method of accessing our digital identity. It’s time for the Authenticated Self.